SYNOPSIS

DESCRIPTION

The bos listkeys command formats and displays the list of server
encryption keys from the /etc/openafs/server/KeyFile file on the server
machine named by the -server argument.

To edit the list of keys, use the bos addkey and bos removekey
commands.

CAUTIONS

Displaying actual keys on the standard output stream (by including the
-showkey flag) is a security exposure. Displaying a checksum is
sufficient for most purposes.

OPTIONS

-server <machine name>

Indicates the server machine from which to display the KeyFile
file. Identify the machine by IP address or its host name (either
fully-qualified or abbreviated unambiguously). For details, see bos(8).

For consistent performance in the cell, the output must be the same on
every server machine. The bos addkey reference page explains how to
keep the machines synchronized.

-showkey

Displays the octal digits that constitute each key.

-cell <cell name>

Names the cell in which to run the command. Do not combine this argument
with the -localauth flag. For more details, see bos(8).

-noauth

Assigns the unprivileged identity "anonymous" to the issuer. Do not
combine this flag with the -localauth flag. For more details, see
bos(8).

-localauth

Constructs a server ticket using a key from the local
/etc/openafs/server/KeyFile file. The bos command interpreter presents the
ticket to the BOS Server during mutual authentication. Do not combine this
flag with the -cell or -noauth options. For more details, see
bos(8).

-help

Prints the online help for this command. All other valid options are
ignored.

OUTPUT

The output includes one line for each server encryption key listed in the
KeyFile file, identified by its key version number.

If the -showkey flag is included, the output displays the actual string
of eight octal numbers that constitute the key. Each octal number is a
backslash and three decimal digits.

If the -showkey flag is not included, the output represents each key as
a checksum, which is a decimal number derived by encrypting a constant
with the key.

Following the list of keys or checksums, the string "Keys last changed"
indicates when a key was last added to the KeyFile file. The words
"All done" indicate the end of the output.

For mutual authentication to work properly, the output from the command
"kas examine afs" must match the key or checksum with the same key
version number in the output from this command.
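
The requirement that every server machine report the same checksum for each
key version number can be checked from captured output, without the -showkey
flag. The following Python script is an added example, not part of the OpenAFS
documentation or code; the checksum line format "key <kvno> has cksum <n>",
the host names and the sample values are assumptions constructed here.

```python
import re

# Assumed checksum line format (not shown on this page): key <kvno> has cksum <n>
CKSUM_RE = re.compile(r"^key\s+(\d+)\s+has\s+cksum\s+(\d+)$")
# Eight backslash + three-digit groups, as OUTPUT describes for -showkey.
RAW_KEY_RE = re.compile(r"(?:\\\d{3}){8}")


def parse_listkeys(text):
    """Return ({kvno: checksum}, complete, leaked) for one captured output."""
    keys, complete, leaked = {}, False, False
    for line in map(str.strip, text.splitlines()):
        m = CKSUM_RE.match(line)
        if m:
            keys[int(m.group(1))] = int(m.group(2))
        elif RAW_KEY_RE.search(line):
            leaked = True  # actual key octets are present in the capture
        elif line.startswith("All done"):
            complete = True  # end-of-output marker named in OUTPUT
    return keys, complete, leaked


def audit(outputs):
    """Compare {server: captured text}; return a list of findings."""
    findings, parsed = [], {}
    for server, text in sorted(outputs.items()):
        keys, complete, leaked = parse_listkeys(text)
        if not complete:
            findings.append(f"{server}: incomplete output (no 'All done')")
        if leaked:
            findings.append(f"{server}: key material present, not compared")
            continue
        parsed[server] = keys
    for kvno in sorted({k for keys in parsed.values() for k in keys}):
        seen = {s: keys.get(kvno) for s, keys in parsed.items()}
        if len(set(seen.values())) > 1:  # a missing kvno shows up as None
            detail = ", ".join(f"{s}={v}" for s, v in sorted(seen.items()))
            findings.append(f"kvno {kvno} differs: {detail}")
    return findings


# Constructed sample captures; host names, checksums and key octets are made up.
SAMPLE = {
    "fs1.example.com": "key 0 has cksum 1111\nkey 1 has cksum 2222\nAll done.\n",
    "fs2.example.com": "key 0 has cksum 1111\nkey 1 has cksum 3333\nAll done.\n",
    "fs3.example.com": r"key 0 is '\101\102\103\104\105\106\107\110'" "\nAll done.\n",
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A capture flagged as containing key material should be treated as sensitive
wherever it was stored (terminal scrollback, log files, tickets).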

EXAMPLES

The following example shows the checksums for the keys stored in the
KeyFile file on the machine "fs3.abc.com".

PRIVILEGE REQUIRED

The issuer must be listed in the /etc/openafs/server/UserList file on the
machine named by the -server argument, or must be logged onto a server
machine as the local superuser "root" if the -localauth flag is
included.

SEE ALSO

COPYRIGHT

This documentation is covered by the IBM Public License Version 1.0. It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.